UFW port forward / masquerade
/etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
# forward 129.232.230.123 port 22 to 192.168.230.123:22
-A PREROUTING -i eno1:1 -d 129.232.230.123 -p tcp --dport 22 -j DNAT --to-destination 192.168.230.123:22
# setup routing
-A POSTROUTING -s 192.168.230.0/24 ! -d 192.168.230.0/24 -j MASQUERADE
COMMIT
NOTE: NET-TOOLS (e.g. ifconfig) DEPRECATED. USE IPROUTE2
ip addr add 129.232.230.123/29 dev eno1 label eno1:0
iptables -t nat -A PREROUTING --src 129.232.230.123/29 -j NETMAP --to 192.168.230.123/24
WORKS:
https://sandilands.info/sgordon/linux-servers-as-kvm-virtual-machines
iptables -t nat -I PREROUTING -d 129.232.230.123 -j DNAT --to-destination 192.168.230.123
iptables -t nat -I POSTROUTING -s 192.168.230.123 -j SNAT --to-source 129.232.230.123
iptables -t nat -I PREROUTING -d 129.232.230.124 -j DNAT --to-destination 192.168.230.124
iptables -t nat -I POSTROUTING -s 192.168.230.124 -j SNAT --to-source 129.232.230.124
iptables -I FORWARD -p tcp -d 192.168.230.123 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.230.123 --dport 25 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.230.123 --dport 110 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.230.124 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.230.124 --dport 25 -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.230.124 --dport 110 -j ACCEPT
In a nutshell:
iptables -t nat -I PREROUTING -d 129.232.230.123 -j DNAT --to-destination 192.168.230.123
iptables -t nat -I POSTROUTING -s 192.168.230.123 -j SNAT --to-source 129.232.230.123
iptables -I FORWARD -p tcp -d 192.168.230.123 --dport 22 -j ACCEPT
iptables -t nat -I PREROUTING -d 129.232.230.124 -j DNAT --to-destination 192.168.230.124
iptables -t nat -I POSTROUTING -s 192.168.230.124 -j SNAT --to-source 129.232.230.124
iptables -I FORWARD -p tcp -d 192.168.230.124 --dport 22 -j ACCEPT
Convert to UFW:
https://devops.profitbricks.com/tutorials/deploy-outbound-nat-gateway-on...
nano /etc/default/ufw
change DEFAULT_FORWARD_POLICY="DROP" to "ACCEPT"
iptables -I FORWARD -p tcp -d 192.168.230.0/24 -j ACCEPT
iptables -I FORWARD -p udp -d 192.168.230.0/24 -j ACCEPT
IPTABLES QEMU HOOK https://www.libvirt.org/hooks.html
nano /etc/libvirt/hooks/network
iptables -I FORWARD -d 192.168.230.0/24 -j ACCEPT
FLUSH IPTABLES
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
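AUDIT FORWARD RULES (added example, not part of the original notes)
The commands above move from per-port FORWARD accepts to subnet-wide accepts and an ACCEPT forward policy; this script flags those in `iptables -S` output. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit FORWARD rules in `iptables -S` format.
# Reads rules on stdin and prints one finding per line (nothing if clean).
audit_forward() {
    awk '
    # Default policy ACCEPT forwards anything no rule drops.
    $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" {
        print "POLICY: FORWARD default policy is ACCEPT"; next
    }
    $1 == "-A" && $2 == "FORWARD" && $0 ~ / -j ACCEPT( |$)/ {
        # Return traffic for tracked connections is expected; skip it.
        if ($0 ~ / --ctstate RELATED,ESTABLISHED /) next
        if ($0 !~ / --dports? /)
            print "BROAD: no port restriction: " $0
        else if ($0 !~ / -d [0-9.]+\/32 /)
            print "WIDE: port rule not pinned to one host: " $0
    }'
}

# Constructed sample mirroring the rules in these notes, as `iptables -S`
# would print them after the commands above have been run.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.230.123/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 192.168.230.0/24 -p tcp -j ACCEPT
-A FORWARD -d 192.168.230.0/24 -p udp -j ACCEPT
-A FORWARD -d 192.168.230.0/24 -j ACCEPT
EOF
}

sample_rules | audit_forward
```

On a live host, feed it with: iptables -S | audit_forward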